Share via

Where find account with leaked password

Belan Marek 56 Reputation points
2021-12-08T09:38:47.56+00:00

Hi
we setup password has sync and all about azure ad assword protection in audit mode.

Now where i find account with leaked password?

When i try chenge password do som leaked pass like asdf123456789, in evenlog i see password would normally have been rejected but in audit mode its ok.

So now i need somewhere view all users with leaked password.
Where to find this info?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 157.9K Reputation points MVP Volunteer Moderator
    2021-12-08T12:43:07.95+00:00

    There is no list of users with leaked passwords.
    However if you licensed and using Identity Protection, you can access the User Risk menu and view accounts that triggered that risk:

    https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#user-linked-detections

    155899-image.png

    0 comments
  2. Belan Marek 56 Reputation points
    2021-12-08T15:43:32.35+00:00

    Hi
    we have identity protection, user have AAD Premium 2 assigned.
    But when I check our test user with leaked password there is no risk.
    155988-screenshot-2021-12-08-164129.png

    0 comments
  3. Andy David - MVP 157.9K Reputation points MVP Volunteer Moderator
    2021-12-08T15:56:27.52+00:00
    0 comments
  4. Belan Marek 56 Reputation points
    2021-12-09T08:24:10.937+00:00

    Sorry but i dont understand.

    We have account on onprem AD.
    I change password to leaked password. In eventlog i see it was detected and dont be blocked cause its on audit mode.
    Where i see this on azure? Account have 100% leaked pasword why azure dont show this?

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.